Merge pull request #20598 from mguetschow/psa-hashes-sha512-truncated

sys/psa_crypto: SHA-{384,512/{224,256}}
RIOT-OS · May 17, 2024 · 3255b95 · 3255b95
2 parents 719663f + 6be95ca
commit 3255b95
Show file tree

Hide file tree

Showing 23 changed files with 724 additions and 49 deletions.
diff --git a/examples/psa_crypto/Makefile b/examples/psa_crypto/Makefile
@@ -98,6 +98,14 @@ else
   USEMODULE += psa_cipher
   USEMODULE += psa_cipher_aes_128_cbc
 
+  USEMODULE += psa_hash
+  USEMODULE += psa_hash_sha_224
+  USEMODULE += psa_hash_sha_256
+  USEMODULE += psa_hash_sha_384
+  USEMODULE += psa_hash_sha_512
+  USEMODULE += psa_hash_sha_512_224
+  USEMODULE += psa_hash_sha_512_256
+
   USEMODULE += psa_mac
   USEMODULE += psa_mac_hmac_sha_256
 

diff --git a/examples/psa_crypto/example_hash.c b/examples/psa_crypto/example_hash.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup examples
+ * @{
+ *
+ * @brief   Example functions for different hashing algorithms supported by PSA Crypto
+ *
+ * @author  Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+
+#include "psa/crypto.h"
+
+static const uint8_t msg[] = "Hello World!";
+static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
+
+static const uint8_t hash_sha224[] = {
+    0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7,
+    0x12, 0x17, 0xfe, 0x05, 0x36, 0xf8, 0xff, 0xc4, 0xe1, 0x8b, 0xca, 0x53, 0x0a,
+    0x7a, 0x1b};
+
+static const uint8_t hash_sha256[] = {
+    0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, 0x48,
+    0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, 0x4a, 0xdd,
+    0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69};
+
+static const uint8_t hash_sha384[] = {
+    0xbf, 0xd7, 0x6c, 0x0e, 0xbb, 0xd0, 0x06, 0xfe, 0xe5, 0x83, 0x41, 0x05, 0x47,
+    0xc1, 0x88, 0x7b, 0x02, 0x92, 0xbe, 0x76, 0xd5, 0x82, 0xd9, 0x6c, 0x24, 0x2d,
+    0x2a, 0x79, 0x27, 0x23, 0xe3, 0xfd, 0x6f, 0xd0, 0x61, 0xf9, 0xd5, 0xcf, 0xd1,
+    0x3b, 0x8f, 0x96, 0x13, 0x58, 0xe6, 0xad, 0xba, 0x4a};
+
+static const uint8_t hash_sha512[] = {
+    0x86, 0x18, 0x44, 0xd6, 0x70, 0x4e, 0x85, 0x73, 0xfe, 0xc3, 0x4d, 0x96, 0x7e,
+    0x20, 0xbc, 0xfe, 0xf3, 0xd4, 0x24, 0xcf, 0x48, 0xbe, 0x04, 0xe6, 0xdc, 0x08,
+    0xf2, 0xbd, 0x58, 0xc7, 0x29, 0x74, 0x33, 0x71, 0x01, 0x5e, 0xad, 0x89, 0x1c,
+    0xc3, 0xcf, 0x1c, 0x9d, 0x34, 0xb4, 0x92, 0x64, 0xb5, 0x10, 0x75, 0x1b, 0x1f,
+    0xf9, 0xe5, 0x37, 0x93, 0x7b, 0xc4, 0x6b, 0x5d, 0x6f, 0xf4, 0xec, 0xc8};
+
+static const uint8_t hash_sha512_224[] = {
+    0xba, 0x07, 0x02, 0xdd, 0x8d, 0xd2, 0x32, 0x80, 0xb6, 0x17, 0xef, 0x28, 0x8b,
+    0xcc, 0x7e, 0x27, 0x60, 0x60, 0xb8, 0xeb, 0xcd, 0xdf, 0x28, 0xf8, 0xe4, 0x35,
+    0x6e, 0xae};
+
+static const uint8_t hash_sha512_256[] = {
+    0xf3, 0x71, 0x31, 0x9e, 0xee, 0x6b, 0x39, 0xb0, 0x58, 0xec, 0x26, 0x2d, 0x4e,
+    0x72, 0x3a, 0x26, 0x71, 0x0e, 0x46, 0x76, 0x13, 0x01, 0xc8, 0xb5, 0x4c, 0x56,
+    0xfa, 0x72, 0x22, 0x67, 0x58, 0x1a};
+
+/**
+ * @brief   Example function to use different hash algorithms
+ *          with the PSA Crypto API.
+ *
+ * @return  psa_status_t
+ */
+psa_status_t example_hash(void)
+{
+    psa_status_t status = PSA_ERROR_DOES_NOT_EXIST;
+
+    status = psa_hash_compare(PSA_ALG_SHA_224, msg, msg_len, hash_sha224, sizeof(hash_sha224));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_256, msg, msg_len, hash_sha256, sizeof(hash_sha256));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_384, msg, msg_len, hash_sha384, sizeof(hash_sha384));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512, msg, msg_len, hash_sha512, sizeof(hash_sha512));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512_224, msg, msg_len, hash_sha512_224, sizeof(hash_sha512_224));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512_256, msg, msg_len, hash_sha512_256, sizeof(hash_sha512_256));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    return status;
+}
diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c
@@ -37,6 +37,8 @@ extern psa_status_t example_eddsa(void);
 #endif
 #endif
 
+extern psa_status_t example_hash(void);
+
 #ifdef MULTIPLE_SE
 #if IS_USED(MODULE_PSA_CIPHER)
 extern psa_status_t example_cipher_aes_128_sec_se(void);
@@ -63,6 +65,13 @@ int main(void)
     (void)status;
     (void)start;
 
+    status = example_hash();
+    printf("Hash took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
+    if (status != PSA_SUCCESS) {
+        failed = true;
+        printf("Hash failed: %s\n", psa_status_to_humanly_readable(status));
+    }
+
 #if IS_USED(MODULE_PSA_MAC)
     status = example_hmac_sha256();
     printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));

diff --git a/features.yaml b/features.yaml
@@ -835,8 +835,14 @@ groups:
       help: SHA-224 hardware acceleration present.
     - name: periph_hash_sha_256
       help: SHA-256 hardware acceleration present.
+    - name: periph_hash_sha_384
+      help: SHA-384 hardware acceleration present.
     - name: periph_hash_sha_512
       help: SHA-512 hardware acceleration present.
+    - name: periph_hash_sha_512_224
+      help: SHA-512/224 hardware acceleration present.
+    - name: periph_hash_sha_512_256
+      help: SHA-512/256 hardware acceleration present.
     - name: periph_hmac_sha_256
       help: HMAC SHA-256 hardware acceleration present.
     - name: periph_hwrng

diff --git a/makefiles/features_existing.inc.mk b/makefiles/features_existing.inc.mk
@@ -182,7 +182,10 @@ FEATURES_EXISTING := \
     periph_hash_sha_1 \
     periph_hash_sha_224 \
     periph_hash_sha_256 \
+    periph_hash_sha_384 \
     periph_hash_sha_512 \
+    periph_hash_sha_512_224 \
+    periph_hash_sha_512_256 \
     periph_hmac_sha_256 \
     periph_hwrng \
     periph_i2c \

diff --git a/makefiles/features_modules.inc.mk b/makefiles/features_modules.inc.mk
@@ -29,7 +29,10 @@ PERIPH_IGNORE_MODULES := \
   periph_hash_sha_1 \
   periph_hash_sha_224 \
   periph_hash_sha_256 \
+  periph_hash_sha_384 \
   periph_hash_sha_512 \
+  periph_hash_sha_512_224 \
+  periph_hash_sha_512_256 \
   periph_hmac_sha_256 \
   periph_i2c_hw \
   periph_i2c_sw \

diff --git a/makefiles/pseudomodules.inc.mk b/makefiles/pseudomodules.inc.mk
@@ -361,7 +361,10 @@ PSEUDOMODULES += psa_riot_hashes_md5
 PSEUDOMODULES += psa_riot_hashes_sha_1
 PSEUDOMODULES += psa_riot_hashes_sha_224
 PSEUDOMODULES += psa_riot_hashes_sha_256
+PSEUDOMODULES += psa_riot_hashes_sha_384
 PSEUDOMODULES += psa_riot_hashes_sha_512
+PSEUDOMODULES += psa_riot_hashes_sha_512_224
+PSEUDOMODULES += psa_riot_hashes_sha_512_256
 PSEUDOMODULES += psa_riot_hashes_hmac_sha256
 PSEUDOMODULES += fortuna_reseed
 PSEUDOMODULES += riotboot_%

diff --git a/sys/hashes/psa_riot_hashes/sha_384.c b/sys/hashes/psa_riot_hashes/sha_384.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_psa_crypto
+ * @{
+ *
+ * @brief       Glue code translating between PSA Crypto and the RIOT Hash module
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include "psa/crypto.h"
+#include "hashes/psa/riot_hashes.h"
+
+psa_status_t psa_hashes_sha384_setup(psa_hashes_sha384_ctx_t *ctx)
+{
+    sha384_init((sha384_context_t *)ctx);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha384_update(psa_hashes_sha384_ctx_t *ctx,
+                                      const uint8_t *input,
+                                      size_t input_length)
+{
+    sha384_update((sha384_context_t *)ctx, input, input_length);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha384_finish(psa_hashes_sha384_ctx_t *ctx,
+                                      uint8_t *hash,
+                                      size_t hash_size,
+                                      size_t *hash_length)
+{
+    sha384_final((sha384_context_t *)ctx, hash);
+
+    (void)hash_size;
+    (void)hash_length;
+    return PSA_SUCCESS;
+}
diff --git a/sys/hashes/psa_riot_hashes/sha_512_224.c b/sys/hashes/psa_riot_hashes/sha_512_224.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_psa_crypto
+ * @{
+ *
+ * @brief       Glue code translating between PSA Crypto and the RIOT Hash module
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include "psa/crypto.h"
+#include "hashes/psa/riot_hashes.h"
+
+psa_status_t psa_hashes_sha512_224_setup(psa_hashes_sha512_224_ctx_t *ctx)
+{
+    sha512_224_init((sha512_224_context_t *)ctx);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha512_224_update(psa_hashes_sha512_224_ctx_t *ctx,
+                                      const uint8_t *input,
+                                      size_t input_length)
+{
+    sha512_224_update((sha512_224_context_t *)ctx, input, input_length);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha512_224_finish(psa_hashes_sha512_224_ctx_t *ctx,
+                                      uint8_t *hash,
+                                      size_t hash_size,
+                                      size_t *hash_length)
+{
+    sha512_224_final((sha512_224_context_t *)ctx, hash);
+
+    (void)hash_size;
+    (void)hash_length;
+    return PSA_SUCCESS;
+}
diff --git a/sys/hashes/psa_riot_hashes/sha_512_256.c b/sys/hashes/psa_riot_hashes/sha_512_256.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_psa_crypto
+ * @{
+ *
+ * @brief       Glue code translating between PSA Crypto and the RIOT Hash module
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include "psa/crypto.h"
+#include "hashes/psa/riot_hashes.h"
+
+psa_status_t psa_hashes_sha512_256_setup(psa_hashes_sha512_256_ctx_t *ctx)
+{
+    sha512_256_init((sha512_256_context_t *)ctx);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha512_256_update(psa_hashes_sha512_256_ctx_t *ctx,
+                                      const uint8_t *input,
+                                      size_t input_length)
+{
+    sha512_256_update((sha512_256_context_t *)ctx, input, input_length);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha512_256_finish(psa_hashes_sha512_256_ctx_t *ctx,
+                                      uint8_t *hash,
+                                      size_t hash_size,
+                                      size_t *hash_length)
+{
+    sha512_256_final((sha512_256_context_t *)ctx, hash);
+
+    (void)hash_size;
+    (void)hash_length;
+    return PSA_SUCCESS;
+}
diff --git a/sys/include/hashes/psa/riot_hashes.h b/sys/include/hashes/psa/riot_hashes.h
@@ -49,12 +49,30 @@ typedef sha224_context_t psa_hashes_sha224_ctx_t;
 typedef sha256_context_t psa_hashes_sha256_ctx_t;
 #endif
 
+#if (IS_USED(MODULE_PSA_RIOT_HASHES_SHA_384))
+#include "hashes/sha384.h"
+
+typedef sha384_context_t psa_hashes_sha384_ctx_t;
+#endif
+
 #if (IS_USED(MODULE_PSA_RIOT_HASHES_SHA_512))
 #include "hashes/sha512.h"
 
 typedef sha512_context_t psa_hashes_sha512_ctx_t;
 #endif
 
+#if (IS_USED(MODULE_PSA_RIOT_HASHES_SHA_512_224))
+#include "hashes/sha512_224.h"
+
+typedef sha512_224_context_t psa_hashes_sha512_224_ctx_t;
+#endif
+
+#if (IS_USED(MODULE_PSA_RIOT_HASHES_SHA_512_256))
+#include "hashes/sha512_256.h"
+
+typedef sha512_256_context_t psa_hashes_sha512_256_ctx_t;
+#endif
+
 #if (IS_USED(MODULE_PSA_RIOT_HASHES_HMAC_SHA256))
 #include "hashes/sha256.h"
 #endif

diff --git a/sys/include/psa_crypto/psa/crypto_contexts.h b/sys/include/psa_crypto/psa/crypto_contexts.h
@@ -46,9 +46,18 @@ typedef union {
 #if IS_USED(MODULE_PSA_HASH_SHA_256) || defined(DOXYGEN)
     psa_hashes_sha256_ctx_t sha256; /**< SHA-256 context */
 #endif
+#if IS_USED(MODULE_PSA_HASH_SHA_384) || defined(DOXYGEN)
+    psa_hashes_sha384_ctx_t sha384; /**< SHA-384 context */
+#endif
 #if IS_USED(MODULE_PSA_HASH_SHA_512) || defined(DOXYGEN)
     psa_hashes_sha512_ctx_t sha512; /**< SHA-512 context */
 #endif
+#if IS_USED(MODULE_PSA_HASH_SHA_512_224) || defined(DOXYGEN)
+    psa_hashes_sha512_224_ctx_t sha512_224; /**< SHA-512/224 context */
+#endif
+#if IS_USED(MODULE_PSA_HASH_SHA_512_256) || defined(DOXYGEN)
+    psa_hashes_sha512_256_ctx_t sha512_256; /**< SHA-512/256 context */
+#endif
 } psa_hash_context_t;
 #endif